C
Charlie
I am trying to make an XMLHttpRequest which violates the default "same-
origin"policy in Firefox. I checked the archives and found a method
that should work but it does not. Below is the test code I isolated. I
set signed.applets.codebase_principal_support true and seemed to get
the UniversalBrowserRead permission but then the open still failed
with the same old "Permission denied to call method
XMLHttpRequest.open" error. Can someone tell me what I did wrong?
Thanks, Charlie Crowley
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- I added the line
user_pref("signed.applets.codebase_principal_support", true);
to my "Prefs.js" file and it shows up as true in "about:config" when
I check -->
<script>
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
console.log("Got UniversalBrowserRead permission, about to call
req.open()");
var req = new XMLHttpRequest();
req.open("GET", "http://s3.amazonaws.com/", false);
console.log("req.open() did not fail");
</script>
</head>
<body></body>
</html>
origin"policy in Firefox. I checked the archives and found a method
that should work but it does not. Below is the test code I isolated. I
set signed.applets.codebase_principal_support true and seemed to get
the UniversalBrowserRead permission but then the open still failed
with the same old "Permission denied to call method
XMLHttpRequest.open" error. Can someone tell me what I did wrong?
Thanks, Charlie Crowley
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<!-- I added the line
user_pref("signed.applets.codebase_principal_support", true);
to my "Prefs.js" file and it shows up as true in "about:config" when
I check -->
<script>
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
console.log("Got UniversalBrowserRead permission, about to call
req.open()");
var req = new XMLHttpRequest();
req.open("GET", "http://s3.amazonaws.com/", false);
console.log("req.open() did not fail");
</script>
</head>
<body></body>
</html>